Date: Tue, 4 Aug 1998 04:45:00 +0200 (CEST)
From: Sascha Schumann <sas@schell.de>
To: Frank Griffith <frankg@idfw.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Security
Message-ID: <Pine.BSF.4.01.9808040405190.380-100000@guerilla.foo.bar>
In-Reply-To: <001801bdbf32$6b8cc6e0$0200a8c0@fast1.dfw.com>

On Mon, 3 Aug 1998, Frank Griffith wrote:
> I have FreeBSD 2.2.6 running and I connect to the Internet
> using a dynamic connection. For kicks, I run Apache 1.3.0
> web server on this same unit. It appears that while I've been
> testing my server, some bozo came in and used sendmail
> to send some rough and threatening e-mail to someone. My
> ISP even cancelled my account until I proved I had nothing
> to do with it.
>
> If someone came in, unauthorized that is, and used
> my mail server to send mail, which log file would show me
> this intrusion? How can I prevent this from happening again?

/var/log/maillog and the headers of the emails.

You can prevent this and other attacks by setting up a simple firewall on
your system. There are some examples provided in /etc/rc.firewall, so the
easiest way to get quick and dirty protection is:

o recompile the kernel with options IPFIREWALL and IPDIVERT
o enable the firewall and set the type to simple or client in /etc/rc.conf
o edit /etc/rc.firewall and look for or create the setup which suits your
  needs

I didn't use it myself up to now, so the above is probably incomplete. ;)

Greetz,
Sascha
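
Added example (not part of the original message, and not code from the FreeBSD project): one way to look for third-party relaying in /var/log/maillog is to pair sendmail's "from=" and "to=" entries by queue ID and report mail that arrived from a remote host and left for a non-local domain. The log lines, host names, and the local domain "myhost.example.net" are constructed for illustration; the field layout assumed is sendmail 8.x syslog output.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail 8.x syslog style; every host and address is made up.
SAMPLE_MAILLOG = """\
Aug  3 21:14:02 myhost sendmail[311]: VAA00311: from=<root@myhost.example.net>, size=412, nrcpts=1, relay=root@localhost
Aug  3 21:14:03 myhost sendmail[313]: VAA00311: to=<admin@elsewhere.invalid>, delay=00:00:01, mailer=esmtp, relay=mx.elsewhere.invalid. [192.0.2.10], stat=Sent
Aug  3 21:50:41 myhost sendmail[350]: VAA00350: from=<friend@elsewhere.invalid>, size=700, nrcpts=1, proto=SMTP, relay=mx.elsewhere.invalid [192.0.2.10]
Aug  3 21:50:42 myhost sendmail[351]: VAA00350: to=<frank@myhost.example.net>, delay=00:00:01, mailer=local, stat=Sent
Aug  3 22:40:10 myhost sendmail[402]: WAA00402: from=<nobody@elsewhere.invalid>, size=988, nrcpts=1, proto=SMTP, relay=dialup7.elsewhere.invalid [192.0.2.77]
Aug  3 22:40:14 myhost sendmail[404]: WAA00402: to=<victim@target.invalid>, delay=00:00:04, mailer=esmtp, relay=mx.target.invalid. [198.51.100.9], stat=Sent (OK)
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
FIELD = re.compile(r"^(?P<kind>from|to)=<?(?P<addr>[^>,\s]*)>?")
RELAY = re.compile(r"relay=(?P<relay>[^,]+)")
IP = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]")

def find_relayed(log_text, local_domains):
    """Return (qid, sender, inbound relay, outside recipients) for relayed mail."""
    msgs = defaultdict(lambda: {"sender": None, "relay": "", "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        f = FIELD.match(m["rest"]) if m else None
        if not f:
            continue  # not a sendmail from=/to= entry
        entry = msgs[m["qid"]]
        if f["kind"] == "from":
            r = RELAY.search(m["rest"])
            entry["sender"] = f["addr"]
            entry["relay"] = r["relay"].strip() if r else ""
        else:
            entry["rcpts"].append(f["addr"])
    hits = []
    for qid, e in msgs.items():
        ip = IP.search(e["relay"])
        # Mail submitted on the machine itself has no remote IP in its relay field.
        remote = bool(ip) and ip[1] != "127.0.0.1"
        # Recipients without "@" are local users; others are checked by domain.
        outside = [a for a in e["rcpts"]
                   if "@" in a and a.rpartition("@")[2].lower() not in local_domains]
        if remote and outside:
            hits.append((qid, e["sender"], e["relay"], outside))
    return hits

if __name__ == "__main__":
    for hit in find_relayed(SAMPLE_MAILLOG, {"myhost.example.net"}):
        print(hit)
```

The inbound relay field of each hit is the host to compare against the Received: headers of the message in question.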
